package cn.mesmile.oauth2.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;

/**
 * @author zb
 * @date 2020/4/6 11:31
 * @Description:
 */
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private BCryptPasswordEncoder bCryptPasswordEncoder;


    /**
     * 默认的端点 URL
     *
     * /oauth/authorize：授权端点
     * /oauth/token：令牌端点
     * /oauth/confirm_access：用户确认授权提交端点
     * /oauth/error：授权服务错误信息端点
     * /oauth/check_token：用于资源服务访问的令牌解析端点
     * /oauth/token_key：提供公有密匙的端点，如果你使用 JWT 令牌的话
     *
     */

    /**
     * 配置客户端
     * @param clients
     * @throws Exception
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        /*
            客户端到认证服务器，请求认证
            http://localhost:9091/oauth/authorize?client_id=client&response_type=code


            客户端拿到code   然后再到认证服务去获取token
            http://client:secret@localhost:9091/oauth/token
                grant_type          authorization_code
                code                OQ7wH6
            {
                "access_token": "4ad306cb-5131-4205-90f0-f912a7c55fae",
                "token_type": "bearer",
                "expires_in": 43199,
                "scope": "app"
            }

         */
        clients.inMemory()
                .withClient("client") // client_id
                .secret(bCryptPasswordEncoder.encode("secret")) // secret 密码
                .authorizedGrantTypes("authorization_code") // 认证方式，授权码
                .scopes("app") // 授权范围
        .redirectUris("http://127.0.0.1:9090/hello"); // 回调地址，授权码会给到这个授权地址

    }
}
